• For one thing, enforcing a 'patch level' for all machines on the internet will be entirely impossible.

    Millions and millions of machines in different countries. Won't happen.

    It's not easy even to accurately identify 'patch level' on machines (even in our corporate LAN there are many discrepancies). And of course, this assumes that everyone is running one of the 'official' operating systems. And what about internet-connected appliances? How would you go about patching and checking these? How would you even KNOW what patches were appropriate or needed?

    And relying on user machines for providing safety is inviting problems. The control must be at the gateway to the machines being protected.

    Now as for standards organizations, there is definitely a place for voluntary standards that an organization or company can apply (similar to ISO9001) to assure their customers and others that they have met reasonable standards.

    ...

    -- FORTRAN manual for Xerox Computers --